Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 70

Which of the following is the best example of a compliance risk that is likely to arise when adopting a bring-your-own-device (BYOD) policy?

Answer options

• A. The risk that users try to bypass controls and do not install required software updates.
• B. The risk that smart devices can be lost or stolen due to their mobile nature.
• C. The risk that an organization intrusively monitors personal information stored on smart devices.
• D. The risk that proprietary information is not deleted from the device when an employee leaves.

Correct answer: A

Explanation

Option A is correct because it highlights the compliance risk of users not adhering to security protocols, which is critical in a BYOD environment. Options B, C, and D, while valid risks, primarily pertain to security or privacy concerns rather than compliance with necessary software controls and updates.